How McAfee uses Customer Zero to get to decisions faster

The third in a series of three blogs by Grant and Jason on the process of identifying actionable insights.

In this series, we’ve been examining how data is collected, processed and analyzed. And, because of the complexity of the task at that analysis stage, we’ve been looking at the task of augmenting human analyst capability with automation and machine learning. Learning mechanisms – for humans and machines – are critical to this final step.

At McAfee, our greatest progress thus far in automating insights has been the application of McAfee Behavioral Analytics (MBA), McAfee Investigator, and custom machine learning classifiers using our McAfee Enterprise Security Manager (ESM) data set. This combination leverages machine learning and deep neural network capabilities to guide analysts to insights that then lead to decisions. We’re now focused on extending the investigation guides at the core of McAfee Investigator, which encapsulate the best thinking and practices of expert threat hunters, so that analysts can gather more relevant intelligence.

Those investigation guides are not just about the questions that good threat hunters ask; they are also about how the best minds answer those questions. Collecting and analyzing the attackers’ objectives, methods, and techniques directly results in operational threat intelligence that leads to conclusions about suspicious activity. For example, do we need to work with our endpoint tools to change the data they generate so that we can be more effective with our investigations later?

To capture these inquiries, we’re tapping into the resources of McAfee Customer Zero, our Security Fusion Center teams. McAfee Product Management, Engineering, and the Office of the CISO are collaborating to expand the investigational use cases that are relevant to actual investigations. We view our own Security Fusion Center as the place to learn, to try things, to fine-tune our products and make them better. In the process, we want to help the Fusion Center teams triage which events matter, to get to root cause and an answer as rapidly as possible.

These are very much human-centric investigations – even with all the AI and machine learning baked in. Human-machine teaming doesn’t try to reduce the role of the person. We’re trying to help the human do more.

We believe that by collaborating and sharing best practices, augmented by machine capabilities, we can help security teams arrive at insights that lead to decisions, faster and with more confidence. And that action, achieved together, is a powerful outcome indeed.

You can look for Grant Bourzikas on Twitter and LinkedIn and at security events like MPOWER, Blackhat, and RSA. Jason Rolleston can also be found at similar events and on Twitter and LinkedIn.

About the author: Grant Bourzikas

Grant Bourzikas is chief information security officer (CISO) and vice president of McAfee Labs strategy and data science.
As CISO, Bourzikas is responsible for McAfee’s cybersecurity and physical security strategy, including security architecture and solutions delivery, security governance, risk and vulnerability, and security operations and intelligence programs. As McAfee’s Customer Zero, he is responsible for protecting the McAfee organization by implementing and operationalizing McAfee endpoint security, advanced threat detection, security and event management, and cloud security products.
As VP of McAfee Labs strategy and data science, Bourzikas is responsible for driving the vision and strategic direction for McAfee’s threat intelligence data architecture platform. In addition, he leads our data science organization, focused on defining the overall data strategy and governance for McAfee Labs.
Prior to this role, Bourzikas spent 19 years in cybersecurity strategy, architecture, engineering, and operations. He is a four-time CISO, having expanded his experience at a Fortune 500 gaming company, a top financial services bank and brokerage organization, and a Fortune 500 critical infrastructure utility company. Bourzikas began his career in public accounting, leading cybersecurity strategy and assessment consulting teams.
Bourzikas holds a bachelor’s degree in accounting from the University of Missouri–St. Louis and is a certified public accountant. He is working on his master’s in data science and machine learning at Southern Methodist University. Additionally, he was named one of Computerworld’s “40 Innovative People to Watch, Under the Age of 40.”

Prior to joining McAfee, Jason was the Head of Product Management for Enterprise Routing at Cisco with responsibility for product strategy across the enterprise and service provider markets, representing over $3B in business for WAN routing, Software Defined WAN (SD-WAN), network function virtualization (NFV), and converged branch infrastructure. Jason joined Cisco in 2011 and, over his tenure, led teams in Unified Communications, Branch Office Consolidation, and indoor wireless location services.

Prior to Cisco, Jason held a variety of senior positions at Symantec Inc., including Enterprise Security Management, Endpoint Management, and Datacenter Automation. He holds a Bachelor of Science in Applied Physics and a Master of Engineering Management from Cornell University, and an MBA from the University of Chicago Booth School of Business.
